Halting Problems

An automated threat intelligence aggregator providing a central hub for supply chain attacks and actively exploited vulnerabilities.

SIEM Ingestion Feed docs
Analyses
86
Machine-readable
JSON feed
Hunting
Scripts tracked
Severity
86 analyses shown
critical26 signals

pnpm Package-Manager Supply-Chain Advisory Batch

pnpm disclosed a cluster of package-manager vulnerabilities affecting lockfile integrity, Git dependency fetching, repository registry configuration, patch application, and symlink creation; responders should inventory vulnerable pnpm versions and review credential-bearing install paths.

Signals
26
Last updated
2026-06-27
Hunting
Has script
#supply-chainnpm
critical11 signals

@cyclonedx/cdxgen Maven Scanner Command Injection

CycloneDX cdxgen before 12.4.3 could execute shell metacharacters from repository-controlled Maven module paths when scanning attacker-controlled projects, putting developer workstations and CI SBOM runners at risk.

Signals
11
Last updated
2026-06-26
Hunting
Has script
#supply-chainnpm
critical53 signals

Immobiliare Labs Backstage npm Packages Hit by Phantom Gyp

On June 26, 2026, multiple @immobiliarelabs Backstage plugin versions were published to npm with a binding.gyp node-gyp hook and a new 5 MB index.js payload. Treat affected Backstage builds and developer or CI installs as credential exposure until lockfiles, package caches, and downstream audits are clean.

Signals
53
Last updated
2026-06-26
Hunting
Has script
#supply-chainnpm
critical44 signals

Leo Platform npm Miasma / Phantom Gyp Compromise

StepSecurity disclosed a June 24, 2026 Leo Platform npm supply-chain compromise affecting 20 packages published in a three-second burst. Socket and Sonatype then tied three more malicious npm packages to the same Miasma / Mini Shai-Hulud Phantom Gyp tradecraft, extending the incident into a 23-package campaign update.

Signals
44
Last updated
2026-06-25
Hunting
Has script
#supply-chainnpm
critical22 signals

simonecorsi/mawesome GitHub Action Tag Hijack

Mutable refs for simonecorsi/mawesome including latest, v1, v2, and v2.2.0 currently resolve to a composite action that installs Bun and always runs an obfuscated JavaScript payload, exposing GitHub Actions runners that still trust those tags.

Signals
22
Last updated
2026-06-25
Hunting
Has script
#supply-chaingithub actions
critical24 signals

codfish/semantic-release-action GitHub Action Tag Hijack

An attacker force-pushed a malicious composite action into codfish/semantic-release-action and moved fifteen published tags to that commit, exposing GitHub Actions runners that still trusted mutable refs such as v3, v4, and v5.

Signals
24
Last updated
2026-06-24
Hunting
Has script
#supply-chaingithub actions
critical13 signals

15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers

StepSecurity and JetBrains say 15 malicious JetBrains Marketplace plugins stole AI provider API keys from developers, then a remote kill-switch and marketplace purge removed the listings and banned the publisher accounts.

Signals
13
Last updated
2026-06-19
Hunting
Has script
#supply-chainjetbrains-marketplace
medium20 signals

buffer-utilities: Lazarus Group npm Brandjacking Dropper

Sonatype and JFrog describe buffer-utilities as a malicious npm brandjacking package in a Lazarus Group campaign; the package acts as a dropper that fetches and launches remote payloads.

Signals
20
Last updated
2026-06-18
Hunting
Has script
#supply-chainnpm
medium19 signals

Mastra npm Supply Chain Attack

On 2026-06-17, public reporting described an @mastra package-scope compromise that pushed easy-day-js as a malicious dependency across 140+ packages, executed a setup.cjs postinstall dropper, and exposed more than 1.1 million weekly downloads to second-stage credential theft and remote code execution behavior.

Signals
19
Last updated
2026-06-17
Hunting
Has script
#supply-chainnpm
medium6 signals

Pythagora gpt-pilot GitHub Compromise

An attacker hijacked a Pythagora co-founder's GitHub account, force-pushed a Shai-Hulud credential-stealer to gpt-pilot's main branch, and lost the payload twice to ruff lint failures before any public downstream execution was shown.

Signals
6
Last updated
2026-06-17
Hunting
Has script
#supply-chainGitHub
medium0 signals

Cisco Catalyst SD-WAN Manager CVE-2026-20262: KEV Path Traversal in the Management Plane

CISA added Cisco Catalyst SD-WAN Manager CVE-2026-20262 to KEV on 2026-06-15 with a 2026-06-29 due date. Cisco says authenticated attackers with at least write access can abuse a web-UI file-upload path traversal to create or overwrite files on affected systems across all SD-WAN deployment types.

Signals
0
Last updated
2026-06-15
Hunting
Has script
#supply-chain
medium0 signals

LiteSpeed cPanel Plugin CVE-2026-54420: KEV Symlink-Following Exposure in Shared Hosting

CISA added LiteSpeed cPanel Plugin CVE-2026-54420 to KEV on 2026-06-15 with a 2026-06-18 due date. LiteSpeed says v2.4.8, bundled with WHM Plugin v5.3.2.1, fixes a symlink-following flaw that can let a user with FTP or web shell access escalate to root on shared hosting servers running CloudLinux/CageFS.

Signals
0
Last updated
2026-06-15
Hunting
Has script
#supply-chain
medium7 signals

OptinMonster Supply Chain Attack

Awesome Motive's CDN-hosted SDK files for WordPress plugins OptinMonster, TrustPulse, and PushEngage were tampered to inject malicious JavaScript. When an administrator logs in, the payload runs in their context, creates rogue administrator accounts, and silently installs a self-hiding PHP backdoor plugin, exfiltrating credentials to tidio[.]cc.

Signals
7
Last updated
2026-06-12
Hunting
Has script
#supply-chain
medium4 signals

Oracle PeopleSoft CVE-2026-35273: KEV SSRF-to-RCE Zero-Day Exploitation

CISA added actively exploited Oracle PeopleSoft PeopleTools CVE-2026-35273 to KEV on 2026-06-12. Affects PSEMHUB in versions 8.61 and 8.62, allowing unauthenticated remote code execution exploited by ShinyHunters.

Signals
4
Last updated
2026-06-12
Hunting
Has script
#supply-chain
medium0 signals

Ivanti Sentry CVE-2026-10520: KEV Pre-Auth OS Command Injection

CISA and Ivanti confirmed active exploitation of CVE-2026-10520, a critical pre-authentication OS command injection vulnerability in Ivanti Sentry. Attackers can execute arbitrary commands with root privileges by sending a crafted HTTP POST request to Sentry MICS APIs.

Signals
0
Last updated
2026-06-11
Hunting
Has script
#supply-chain
medium2 signals

Arista EOS CVE-2026-7473: KEV Tunneled Packet Decapsulation Bypass

CISA added actively exploited Arista EOS CVE-2026-7473 to KEV on 2026-06-09. Affected tunnel endpoints may decapsulate unexpected protocols sent to a configured decapsulation IP; Arista rates the issue Medium and provides configuration checks and ACL mitigations.

Signals
2
Last updated
2026-06-09
Hunting
Has script
#supply-chain
medium14 signals

Check Point Security Gateway CVE-2026-50751: KEV VPN Authentication Bypass

Check Point and CISA confirmed active exploitation of CVE-2026-50751, an IKEv1 Remote Access and Mobile Access authentication bypass. Check Point observed targeting from May 7, 2026, added campaign IOCs through June 10, and linked one post-compromise case to a Qilin ransomware affiliate.

Signals
14
Last updated
2026-06-08
Hunting
Has script
#supply-chain
medium79 signals

Hades PyPI Graph ML Memory Scraper Campaign

StepSecurity reported the Hades campaign across graph ML and bioinformatics PyPI packages, using Python import hooks to download Bun v1.3.14, run _index.js, scrape secrets across Linux/macOS/Windows runners, plant developer-tooling persistence, and create GitHub exfiltration repositories.

Signals
79
Last updated
2026-06-08
Hunting
Has script
#supply-chainunknown
medium0 signals

LiteLLM CVE-2026-42271: KEV Command Injection in AI Proxy Servers

CISA added BerriAI LiteLLM CVE-2026-42271 to its KEV catalog on 2026-06-08 due to active exploitation. This high-severity command injection vulnerability in MCP server preview endpoints allows authenticated (or unauthenticated, when chained with CVE-2026-48710) users to run arbitrary shell commands on the host proxy.

Signals
0
Last updated
2026-06-08
Hunting
Has script
#supply-chain
medium7 signals

Hades Cluster PyPI Worm Abuses Python Startup Hooks

Socket disclosed 37 malicious PyPI wheels on June 7, 2026 and 23 additional malicious release artifacts on June 8, while StepSecurity's June 16 report independently re-corroborated the Hades cluster through mflux-streamlit and mrbios coverage. Hades-linked loaders abuse Python startup hooks or native extensions to execute Bun-launched credential stealers.

Signals
7
Last updated
2026-06-07
Hunting
Has script
#supply-chain
medium0 signals

Linux Kernel cgroups v1 Container Escape CVE-2022-0492 Added to KEV

CISA added the Linux Kernel cgroups v1 container escape vulnerability (CVE-2022-0492) to KEV on 2026-06-02. The flaw allows unprivileged container processes with CAP_SYS_ADMIN or uid 0 to write to cgroups release_agent files and execute code on the host, escaping the container namespace. System operators should audit host kernels, verify container capabilities, and disable unprivileged user namespaces.

Signals
0
Last updated
2026-06-06
Hunting
Has script
#supply-chain
medium0 signals

Claude Code GitHub Action Secret Exposure

Microsoft reported that the Claude Code GitHub Action could expose workflow secrets through a Read-tool path that reached /proc/self/environ; Anthropic shipped v2.1.128 as the fixed release.

Signals
0
Last updated
2026-06-05
Hunting
Has script
#supply-chain
medium13 signals

Miasma DurableTask GitHub Repository Compromise

On June 5, 2026, the official Azure/durabletask GitHub repository was compromised. Threat actors pushed a backdated commit ('Switched DataConverter to OrchestrationContext [skip ci]') that added a malicious tasks.json and configuration files targeting AI coding tools to execute credential-stealing payloads. Later follow-up reporting showed the broader Miasma/Hades campaign continued spreading across npm and PyPI through open-time and import-time triggers.

Signals
13
Last updated
2026-06-05
Hunting
Has script
#supply-chain
medium16 signals

Miasma Worm Hits Microsoft Azure Repositories

StepSecurity reported that the Miasma worm reached Microsoft Azure GitHub organizations after a compromised contributor account pushed malicious workspace and AI-assistant hook files into Azure/durabletask, prompting GitHub to disable 73 repositories across four Microsoft organizations.

Signals
16
Last updated
2026-06-05
Hunting
Has script
#supply-chainunknown
medium3 signals

Mirasvit Cache Warmer CVE-2026-45247 Added to KEV

CISA added Mirasvit Cache Warmer for Magento 2 CVE-2026-45247 to KEV on 2026-06-03. Adobe Commerce and Magento operators should verify Cache Warmer versions, collect admin and web logs, and hunt for suspicious module and admin activity.

Signals
3
Last updated
2026-06-05
Hunting
Has script
#supply-chain
medium1 signals

Phantom Gyp npm Worm Abuses node-gyp Build Hooks

Snyk disclosed a June 2026 npm supply-chain wave that abuses native-addon build behavior through binding.gyp and node-gyp. The Phantom Gyp/Miasma activity affects packages including @vapi-ai, abandoned-package, and autotel packages and should be handled as install-time credential exposure.

Signals
1
Last updated
2026-06-05
Hunting
Has script
#supply-chain
medium6 signals

SolarWinds Serv-U CVE-2026-28318: KEV Denial of Service Vulnerability in Managed File Transfer

CISA added SolarWinds Serv-U CVE-2026-28318 to KEV on 2026-06-05, indicating active exploitation. The high-severity vulnerability allows remote, unauthenticated attackers to cause a Denial of Service (DoS) by sending specially crafted HTTP POST requests with a Content-Encoding: deflate header. SolarWinds has released version 15.5.4 Hotfix 1 to address the flaw.

Signals
6
Last updated
2026-06-05
Hunting
Has script
#supply-chain
medium1 signals

IronWorm npm Supply-Chain Worm Uses eBPF Rootkit

JFrog Security disclosed IronWorm, a Rust-based npm information-stealing worm found in 36 package versions. It uses an eBPF rootkit and Tor for stealth and propagates through stolen credentials and trusted publishing workflows.

Signals
1
Last updated
2026-06-03
Hunting
Has script
#supply-chain
medium30 signals

Miasma npm Phantom Gyp Self-Spreading Worm

StepSecurity reported the Miasma worm as a 57-package, 286-plus-version npm compromise that abused binding.gyp/Phantom Gyp execution, downloaded Bun, stole CI and developer credentials, and used GitHub repositories as exfiltration and propagation infrastructure.

Signals
30
Last updated
2026-06-03
Hunting
Has script
#supply-chainunknown
medium5 signals

Android Framework CVE-2025-48595: KEV Local Privilege Escalation

Google says Android Framework CVE-2025-48595 may be under limited, targeted exploitation. The high-severity integer-overflow issue affects Android 14, 15, 16, and 16 QPR2 and is addressed at the 2026-06-01 security patch level.

Signals
5
Last updated
2026-06-02
Hunting
Has script
#supply-chain
medium4 signals

Red Hat Cloud Services npm Trusted-Publishing Compromise

Multiple @redhat-cloud-services npm packages were compromised on 2026-06-01 through trusted-publishing abuse tied to the Mini Shai-Hulud Miasma wave. The malicious releases added install-time payload execution, credential collection, destructive fallback behavior, and GitHub workflow tampering risk.

Signals
4
Last updated
2026-06-02
Hunting
Has script
#supply-chain
medium4 signals

cPanel & WHM CVE-2026-41940: KEV Authentication Bypass in Hosting Control Planes

CISA added WebPros cPanel & WHM and WP2 CVE-2026-41940 to KEV on 2026-04-30 and marks ransomware use as known. WebPros patched many cPanel branches and WP2 136.1.7, provided session-file IOC checks, and urged immediate update or service exposure reduction.

Signals
4
Last updated
2026-06-01
Hunting
Has script
#supply-chain
medium6 signals

Linux Copy Fail CVE-2026-31431: KEV Privilege Escalation on Shared Build Hosts

CISA added Linux kernel CVE-2026-31431 to KEV on 2026-05-01. Theori's Copy Fail research ties the bug to AF_ALG AEAD in-place operation and shows why shared CI runners, Kubernetes nodes, and multi-tenant Linux hosts need kernel patch proof or AF_ALG mitigation.

Signals
6
Last updated
2026-06-01
Hunting
Has script
#supply-chain
medium4 signals

Malware-Slop mouse5212-super-formatter npm Package Targets AI Workspaces

Snyk and OX tracked mouse5212-super-formatter as a malicious npm package published on 2026-05-26 and removed on 2026-05-27. The package should be treated as credential theft risk for AI-assisted workspaces, Claude/Cursor context files, GitHub tokens, npm tokens, and build logs.

Signals
4
Last updated
2026-06-01
Hunting
Has script
#supply-chain
medium0 signals

Oracle WebLogic Server CVE-2024-21182: KEV Authentication Bypass

CISA added Oracle WebLogic Server CVE-2024-21182 to its KEV catalog on 2026-06-01 due to active exploitation. This high-severity authentication bypass vulnerability allows unauthenticated attackers with network access via T3 or IIOP protocols to compromise the server and gain unauthorized access to critical data.

Signals
0
Last updated
2026-06-01
Hunting
Has script
#supply-chain
medium0 signals

Microsoft-tracked npm dependency-confusion developer-profiling campaign

Microsoft attributed a 33-package npm dependency-confusion campaign to shared postinstall tradecraft that profiled developer environments, ran in reconnaissance-only mode, and beaconed to a shared command-and-control endpoint.

Signals
0
Last updated
2026-05-29
Hunting
Has script
#supply-chain
medium21 signals

GemStuffer RubyGems Exfiltration Channel

GemStuffer used RubyGems package publishing as a data-staging channel, wrapping scraped UK council ModernGov portal responses into junk gem artifacts published with embedded RubyGems API keys.

Signals
21
Last updated
2026-05-28
Hunting
Has script
#supply-chain
medium8 signals

Sicoob.Sdk NuGet Certificate Exfiltration

Malicious Sicoob.Sdk NuGet releases impersonated a banking SDK and exfiltrated Sicoob client IDs, PFX passwords, and base64-encoded PFX certificate archives through a hardcoded Sentry endpoint.

Signals
8
Last updated
2026-05-28
Hunting
Has script
#supply-chain
medium4 signals

vpmdhaj npm OpenSearch Typosquats Steal Cloud and CI/CD Secrets

Microsoft reported 14 typosquatted npm packages under the vpmdhaj scope that impersonated OpenSearch, AWS SDK, STS, and Bun packages while collecting AWS, GitHub Actions, npm, Vault, Kubernetes, SSH, and local cloud configuration secrets.

Signals
4
Last updated
2026-05-28
Hunting
Has script
#supply-chain
medium4 signals

GlassWorm Developer Supply-Chain Botnet Takedown

CrowdStrike, Google, and Shadowserver disrupted GlassWorm command-and-control on 2026-05-26 after the campaign used malicious IDE extensions, packages, and poisoned repositories to compromise developer systems.

Signals
4
Last updated
2026-05-27
Hunting
Has script
#supply-chain
medium0 signals

LiteSpeed cPanel Plugin CVE-2026-48172: Root Privilege Escalation

CISA added LiteSpeed User-End cPanel Plugin CVE-2026-48172 to KEV on 2026-05-26 with a 2026-05-29 due date. NVD and LiteSpeed now provide exact advisory links, affected version bounds, and the vendor log-check command for redisAble exploitation.

Signals
0
Last updated
2026-05-27
Hunting
Has script
#supply-chain
medium3 signals

Windows Shell CVE-2026-32202 KEV: Zero-Click NTLM Coercion

CVE-2026-32202 is an actively exploited Windows Shell protection-mechanism failure that Akamai traced to an incomplete patch for an APT28 LNK exploit chain, allowing zero-click NTLM authentication coercion when Explorer renders a malicious shortcut.

Signals
3
Last updated
2026-05-27
Hunting
Has script
#supply-chain
medium1 signals

Chromium Background Fetch Zero-Day: Persistent Service Worker Exposure

A public Chromium Background Fetch proof of concept showed that a service worker could repeatedly start background fetches after a malicious page visit. Chromium restricted BackgroundFetchManager.fetch() from service-worker contexts on May 21, 2026; downstream deployment remained browser- and channel-specific through June 10.

Signals
1
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

Cisco Catalyst SD-WAN CVE-2026-20182: KEV Control-Plane Exposure

CISA added Cisco Catalyst SD-WAN CVE-2026-20182 to KEV on 2026-05-14. Cisco confirmed limited exploitation, published fixed releases, and documented vmanage-admin authentication and anomalous control-connection evidence for compromise review.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

Drupal Core CVE-2026-9082: KEV SQL Injection Exposure

CISA added Drupal Core CVE-2026-9082 to KEV on 2026-05-22. The exploitable surface is PostgreSQL-backed Drupal Core in affected 8.9.x, 10.x, and 11.x ranges; this article provides composer, settings, and telemetry scripts for exposure and closure.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

Langflow CVE-2025-34291: KEV Origin Validation Exposure

CISA added Langflow CVE-2025-34291 to KEV on 2026-05-21. The issue combines permissive CORS and credentialed refresh-token behavior; this article provides dependency, container, HTTP telemetry, and token-abuse audit scripts.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

Microsoft Defender CVE-2026-41091: KEV Engine EoP Exposure

CISA added Microsoft Defender CVE-2026-41091 to KEV on 2026-05-20. MSRC marks exploitation detected and gives the exact fixed Malware Protection Engine version 1.1.26040.8.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

Microsoft Defender CVE-2026-45498: KEV Platform DoS Exposure

CISA added Microsoft Defender CVE-2026-45498 to KEV on 2026-05-20. MSRC marks exploitation detected and gives the exact fixed Defender Antimalware Platform version 4.18.26040.7.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

Microsoft Exchange CVE-2026-42897: KEV OWA Mitigation Exposure

CISA added Exchange Server CVE-2026-42897 to KEV on 2026-05-15. MSRC marks exploitation detected and points to Exchange Emergency Mitigation Service mitigation ID M2 rather than a normal update table.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

PAN-OS CVE-2026-0300: Captive Portal Remote Root RCE

CISA added PAN-OS CVE-2026-0300 to KEV on 2026-05-06. The vulnerability involves an out-of-bounds write in the User-ID Authentication Portal (Captive Portal) affecting PA-Series and VM-Series firewalls, leading to unauthenticated remote root code execution; this article provides config audits and post-compromise triage scripts.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

Starlette CVE-2026-48710: BadHost Authentication Bypass

Starlette CVE-2026-48710 (BadHost) is a Host-header URL reconstruction flaw fixed in Starlette 1.0.1. New OSTIF, X41, Tenable, and BadHost scanner sources clarify that the highest-risk deployments are FastAPI/Starlette/LLM services whose middleware makes security decisions from request.url.path.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

Trend Micro Apex One CVE-2026-34926: KEV Server Build Exposure

CISA added Trend Micro Apex One CVE-2026-34926 to KEV on 2026-05-21. Trend Micro reports at least one in-the-wild attempt and fixed builds 17079, 18012, and 14.0.20731; this article provides build-export and agent-deployment audit scripts.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium0 signals

Windows cldflt.sys Zero-Day: MiniPlasma Kernel LPE

MiniPlasma is a public Windows cldflt.sys Cloud Filter driver LPE proof of concept that BleepingComputer tested on fully patched Windows 11 Pro with May 2026 updates. The article now replaces generic secondary sourcing with exact reporting and narrows the claim to local SYSTEM escalation.

Signals
0
Last updated
2026-05-26
Hunting
Has script
#supply-chain
medium14 signals

art-template npm Coruna Browser Exploit Compromise

Unauthorized art-template releases 4.13.3, 4.13.5, and 4.13.6 modified the browser bundle to load remote JavaScript. The later chain delivered a Coruna iOS exploit framework; npm has removed 4.13.5 and 4.13.6, while 4.13.2 remains the last verified clean release.

Signals
14
Last updated
2026-05-24
Hunting
Has script
#supply-chain
medium7 signals

Laravel-Lang Composer Tag Rewrite RCE Compromise

Four Laravel-Lang repositories were compromised through rewritten Composer tags that loaded a PHP backdoor through Composer autoload. Maintainers restored the tags on May 23, but installs from the exposure window require credential rotation and commit-level verification.

Signals
7
Last updated
2026-05-24
Hunting
Has script
#supply-chain
medium5 signals

Megalodon GitHub Actions Secret Exfiltration Campaign

Megalodon added malicious GitHub Actions workflows to thousands of public repositories to collect environment variables, cloud credentials, source-control secrets, and runner tokens.

Signals
5
Last updated
2026-05-24
Hunting
Has script
#supply-chain
medium1 signals

Packagist GitHub Postinstall Hook Malware Campaign

A campaign inserted malicious package.json postinstall hooks into Packagist-linked GitHub repositories, causing npm install workflows to download and execute a GitHub Releases binary as /tmp/.sshd.

Signals
1
Last updated
2026-05-24
Hunting
Has script
#supply-chain
medium6 signals

shopsprint/decimal Go Module DNS Backdoor Typosquat

The Go module github.com/shopsprint/decimal typosquatted github.com/shopspring/decimal and used an init-time DNS TXT command loop in v1.3.3.

Signals
6
Last updated
2026-05-24
Hunting
Has script
#supply-chain
medium6 signals

TrapDoor Cross-Ecosystem Crypto Stealer Campaign

TrapDoor is an active cross-registry supply-chain campaign using npm postinstall hooks, PyPI import-time execution, and Rust build scripts to steal developer, cloud, SSH, and crypto wallet secrets.

Signals
6
Last updated
2026-05-24
Hunting
Has script
#supply-chain
medium15 signals

Mini Shai-Hulud Self-Propagating Software Supply Chain Worm

Mini Shai-Hulud is a self-propagating npm/PyPI supply-chain worm. JFrog's May 12 and May 19 updates add a broader count of 170+ npm and 2 PyPI packages, a 323-package @antv wave, and a related @cap-js/openapi 1.4.1 variant.

Signals
15
Last updated
2026-05-23
Hunting
Has script
#supply-chain
medium2 signals

Microsoft DurableTask Python SDK PyPI Hijacking

On May 19, 2026, the official Microsoft durabletask Python SDK was compromised on PyPI. Threat actors used hijacked publishing credentials to directly upload malicious versions containing a cloud credential-harvesting payload.

Signals
2
Last updated
2026-05-19
Hunting
Has script
#supply-chain
medium14 signals

actions-cool GitHub Actions Tag Hijack Credential Theft

StepSecurity reported that all tags for actions-cool/issues-helper, and the related actions-cool/maintain-one-comment action, were moved to imposter commits that downloaded Bun, scraped Runner.Worker memory, and exfiltrated secrets to t.m-kosche.com.

Signals
14
Last updated
2026-05-18
Hunting
Has script
#supply-chainunknown
medium4 signals

Nx Console VS Code Extension Compromise

On May 18, 2026, the official Nx Console VS Code extension was compromised when attackers used an OAuth token stolen in the TanStack compromise to publish malicious version v18.95.0, resulting in the theft of 3,800 internal GitHub repositories.

Signals
4
Last updated
2026-05-18
Hunting
Has script
#supply-chain
medium2 signals

Node-IPC Expired Domain & Maintainer Account Hijacking

On May 14, 2026, the highly popular Node.js library node-ipc was compromised in a major supply chain attack. Attackers re-registered the expired email domain of a dormant lead maintainer to reset their npm account password and publish credential-stealing updates.

Signals
2
Last updated
2026-05-14
Hunting
Has script
#supply-chain
medium7 signals

TanStack CI/CD Release Pipeline Poisoning

On May 11, 2026, the popular open-source project TanStack fell victim to a CI/CD release pipeline poisoning attack. Threat actors hijacked the release pipeline via a pull request exploitation vector and OIDC token theft to publish 84 backdoored versions across 42 packages.

Signals
7
Last updated
2026-05-11
Hunting
Has script
#supply-chain
medium7 signals

intercom-client npm Mini Shai-Hulud Compromise

Intercom says an attacker published `intercom-client@7.0.4` on April 30, 2026 using credentials from a compromised developer account. The package executed a Bun-launched credential stealer during installation and was removed within hours.

Signals
7
Last updated
2026-04-30
Hunting
Has script
#supply-chain
medium1 signals

Lightning PyPI Bun-Based Credential Stealer

On April 30, 2026, malicious `lightning` PyPI releases 2.6.2 and 2.6.3 shipped an import-time loader that bootstrapped Bun and executed a large obfuscated JavaScript credential stealer.

Signals
1
Last updated
2026-04-30
Hunting
Has script
#supply-chain
medium26 signals

Mini Shai-Hulud SAP npm Bun Runtime Payloads

StepSecurity described a Mini Shai-Hulud npm campaign against SAP-related packages where preinstall hooks downloaded Bun, launched an obfuscated payload, scraped runner memory, created public GitHub dead-drop repositories, and attempted developer-workstation persistence.

Signals
26
Last updated
2026-04-29
Hunting
Has script
#supply-chainunknown
medium6 signals

elementary-data PyPI and GHCR GitHub Actions Compromise

A malicious `elementary-data==0.23.3` release was pushed to PyPI and GHCR after attackers exploited a GitHub Actions script-injection path, adding an interpreter-startup `.pth` infostealer.

Signals
6
Last updated
2026-04-25
Hunting
Has script
#supply-chain
medium9 signals

Bitwarden CLI npm 2026.4.0 Credential Stealer

Bitwarden confirmed that @bitwarden/cli@2026.4.0 was maliciously distributed through the npm CLI delivery path for a short April 22, 2026 window. CVE-2026-42994 tracks the incident; artifact analysis tied the package to bw_setup.js, bw1.js, Bun bootstrap, credential theft, and GitHub fallback channels.

Signals
9
Last updated
2026-04-22
Hunting
Has script
#supply-chain
medium5 signals

Xinference PyPI 2.6.x Import-Time Credential Exfiltration

JFrog reported that the legitimate PyPI package xinference shipped malicious versions 2.6.0, 2.6.1, and 2.6.2 with import-time code in xinference/__init__.py. The payload collected host and secret material into love[.]tar[.]gz and posted it to whereisitat[.]lucyatemysuperbox[.]space with header X-QT-SR: 14.

Signals
5
Last updated
2026-04-22
Hunting
Has script
#supply-chain
medium17 signals

Axios npm Package Compromise (UNC1069)

On March 31, 2026, the popular JavaScript HTTP client Axios was compromised when attackers hijacked a lead maintainer's npm account, publishing malicious versions containing a phantom dependency to drop a cross-platform Remote Access Trojan (RAT).

Signals
17
Last updated
2026-03-31
Hunting
Has script
#supply-chain
medium2 signals

Crypto Private Key Stealer Solana/Ethereum Typosquats

Socket disclosed five npm typosquats targeting Solana and Ethereum developers on 2026-03-24. Registry metadata shows malicious releases dating from 2025-11-18 through 2026-02-16; npm replaced four package records with security placeholders on 2026-04-01.

Signals
2
Last updated
2026-03-24
Hunting
Has script
#supply-chain
medium2 signals

LiteLLM Python SDK PyPI Hijacking & Cascading Trust Failure

On March 24, 2026, the popular LiteLLM Python package was compromised on PyPI. Attackers harvested PyPI publishing secrets from LiteLLM's CI/CD runner via a previously backdoored dependency, uploading malicious versions containing a python startup hook payload.

Signals
2
Last updated
2026-03-24
Hunting
Has script
#supply-chain
medium5 signals

Aqua Security Trivy CI/CD Pipeline & Tag Poisoning

On March 19, 2026, the widely adopted container vulnerability scanner Trivy was compromised in a major supply chain attack. Cybercrime group TeamPCP poisoned version tags to harvest and exfiltrate runner credentials.

Signals
5
Last updated
2026-03-19
Hunting
Has script
#supply-chain
medium7 signals

PyPI spellcheckpy Typosquatting RAT Campaign

Attackers published typosquatted versions of the popular pyspellchecker library to deliver a Remote Access Trojan (RAT) hidden inside compressed Basque dictionary files.

Signals
7
Last updated
2026-01-23
Hunting
Has script
#supply-chain
medium3 signals

semantic-types PyPI Solana Keypair Monkey Patch

Socket reported that semantic-types became malicious at version 0.1.5 and 0.1.6, with five Solana-themed PyPI packages pulling it transitively. The payload monkey-patched solders[.]keypair[.]Keypair constructors, encrypted Solana private keys with an RSA-2048 public key, and exfiltrated ciphertext through Solana Devnet SPL memo transactions.

Signals
3
Last updated
2025-01-26
Hunting
Has script
#supply-chain